From: William Lallemand
Date: Thu, 25 Jun 2020 13:19:51 +0000 (+0200)
Subject: MINOR: cli/ssl: handle trailing slashes in crt-list commands
X-Git-Tag: v2.2-dev11~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99cc21851fbdcc3331250e14f17c0df860518c54;p=thirdparty%2Fhaproxy.git

MINOR: cli/ssl: handle trailing slashes in crt-list commands

Trailing slashes were not handled in crt-list commands on CLI which can be useful when you use the commands with a directory. Strip the slashes before looking for the crtlist in the tree.
---
diff --git a/reg-tests/ssl/add_ssl_crt-list.vtc b/reg-tests/ssl/add_ssl_crt-list.vtc
index b5ca7797a8..6d3308bb97 100644
--- a/reg-tests/ssl/add_ssl_crt-list.vtc
+++ b/reg-tests/ssl/add_ssl_crt-list.vtc
@@ -70,11 +70,11 @@ shell { echo "new ssl cert ${testdir}/ecdsa.pem" | socat "${tmpdir}/h1/stats" - printf "set ssl cert ${testdir}/ecdsa.pem <<\n$(cat ${testdir}/ecdsa.pem)\n\n" | socat "${tmpdir}/h1/stats" - echo "commit ssl cert ${testdir}/ecdsa.pem" | socat "${tmpdir}/h1/stats" - - printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [ssl-min-ver SSLv3 verify none allow-0rtt] localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" - + printf "add ssl crt-list ${testdir}/localhost.crt-list/ <<\n${testdir}/ecdsa.pem [ssl-min-ver SSLv3 verify none allow-0rtt] localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" - printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [verify none allow-0rtt]\n\n" | socat "${tmpdir}/h1/stats" - - printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" - - printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem\n\n" | socat "${tmpdir}/h1/stats" - - printf "add ssl crt-list ${testdir}/localhost.crt-list ${testdir}/ecdsa.pem\n" | socat "${tmpdir}/h1/stats" - + printf "add ssl crt-list ${testdir}/localhost.crt-list/// <<\n${testdir}/ecdsa.pem localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" - + printf "add ssl crt-list ${testdir}/localhost.crt-list///// <<\n${testdir}/ecdsa.pem\n\n" | socat "${tmpdir}/h1/stats" - + printf "add ssl crt-list ${testdir}/localhost.crt-list// ${testdir}/ecdsa.pem\n" | socat "${tmpdir}/h1/stats" - } haproxy h1 -cli { @@ -83,7 +83,7 @@ haproxy h1 -cli { } haproxy h1 -cli { - send "show ssl crt-list ${testdir}/localhost.crt-list" + send "show ssl crt-list ${testdir}/localhost.crt-list//" # check the options and the filters in any order expect ~ ".*${testdir}/ecdsa.pem \\[(?=.*verify none)(?=.*allow-0rtt)(?=.*ssl-min-ver SSLv3).*\\](?=.*!www.test1.com)(?=.*localhost).*" } 
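Review bot: Nothing in these hunks exercises `del ssl crt-list` with a trailing slash, although the same commit adds the stripping to cli_parse_del_crtlist; the rewritten `add ssl crt-list` and `show ssl crt-list` commands cover one to five trailing slashes only. An edge case is missing as well: an argument made only of slashes is reduced to an empty name by the new loop, and a test that pins what the CLI answers for it would keep that behaviour from changing silently. Whether the rest of the file already covers `del` is not visible here, since the `shell` block starts above the hunk.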
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c index def0e22f6d..2ef3a376c0 100644 --- a/src/ssl_crtlist.c +++ b/src/ssl_crtlist.c @@ -824,6 +824,7 @@ static int cli_parse_dump_crtlist(char **args, char *payload, struct appctx *app struct ebmb_node *lnode; char *filename = NULL; int mode; + char *end; if (!cli_has_level(appctx, ACCESS_LVL_ADMIN)) return 1; @@ -843,6 +844,12 @@ static int cli_parse_dump_crtlist(char **args, char *payload, struct appctx *app return cli_err(appctx, "'show ssl crt-list -n' expects a filename or a directory\n"); if (filename && *filename) { + + + /* strip trailing slashes, including first one */ + for (end = filename + strlen(filename) - 1; end >= filename && *end == '/'; end--) + *end = 0; + lnode = ebst_lookup(&crtlists_tree, filename); if (lnode == NULL) return cli_err(appctx, "didn't find the specified filename\n"); @@ -1017,6 +1024,7 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc struct ebpt_node *inserted; struct crtlist *crtlist; struct crtlist_entry *entry = NULL; + char *end; if (!cli_has_level(appctx, ACCESS_LVL_ADMIN)) return 1; @@ -1026,6 +1034,10 @@ static int cli_parse_add_crtlist(char **args, char *payload, struct appctx *appc crtlist_path = args[3]; + /* strip trailing slashes, including first one */ + for (end = crtlist_path + strlen(crtlist_path) - 1; end >= crtlist_path && *end == '/'; end--) + *end = 0; + if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock)) return cli_err(appctx, "Operations on certificates are currently locked!\n"); @@ -1151,6 +1163,7 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc struct ckch_inst *inst, *inst_s; int linenum = 0; char *colons; + char *end; if (!cli_has_level(appctx, ACCESS_LVL_ADMIN)) return 1; 
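Review bot: The strip loop added in cli_parse_dump_crtlist ends, for a name made only of slashes, by decrementing `end` to one byte before `filename` and then comparing it, which is only well-defined if the argument is known to sit inside a larger buffer, and nothing in the hunk shows that. Here the `*filename` test guarantees at least one character, but the copies in cli_parse_add_crtlist and cli_parse_del_crtlist show no such test inside their hunks, so an empty `crtlist_path` would make the initialiser itself compute `crtlist_path - 1`; a check may exist in lines not shown. A length-based form avoids both cases and needs no `end` local: `size_t len = strlen(filename);` followed by `while (len && filename[len - 1] == '/') filename[--len] = '\0';`. The two consecutive blank `+` lines before the comment look accidental. The function body starts and ends outside the hunk.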
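Review bot: The loop in cli_parse_add_crtlist is one of three verbatim copies (the others are in cli_parse_dump_crtlist and cli_parse_del_crtlist), each with its own `end` local, so the three admin-level CLI parsers can drift apart in how they normalise the crt-list name before the lookup. A small file-local helper, called right after `crtlist_path = args[3];`, keeps the rule in one place and documents what happens to an all-slash argument. The helper name below is only a suggestion, and the function body starts and ends outside the hunk.

```c
/* Strip every trailing '/' from <path> in place. A path made only of
 * slashes becomes the empty string.
 */
static void crtlist_strip_trailing_slashes(char *path)
{
	size_t len = strlen(path);

	while (len && path[len - 1] == '/')
		path[--len] = '\0';
}

/* … unchanged: access-level check and the lines before the assignment … */
	crtlist_path = args[3];
	crtlist_strip_trailing_slashes(crtlist_path);
/* … unchanged: CKCH_LOCK trylock and the rest of the parser … */
```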
@@ -1175,6 +1188,11 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc } *colons = '\0'; } + + /* strip trailing slashes, including first one */ + for (end = crtlist_path + strlen(crtlist_path) - 1; end >= crtlist_path && *end == '/'; end--) + *end = 0; + /* look for crtlist */ ebmb = ebst_lookup(&crtlists_tree, crtlist_path); if (!ebmb) {
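Review bot: The comment `/* strip trailing slashes, including first one */` does not say why the path is edited or what "first one" refers to, and the same wording is repeated in cli_parse_dump_crtlist and cli_parse_add_crtlist. Something like `/* drop every trailing '/' so "dir/" and "dir" resolve to the same crtlists_tree key; a path made only of '/' becomes "" */` states both the purpose and the edge case. In this function it is also worth one line noting that the strip is applied to `crtlist_path` only, after the `*colons = '\0'` truncation shown just above, which presumably acts on the certificate argument. The function body starts and ends outside the hunk.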